Research On Data Mining Based Methodologies For Industrial Network Intrusion Detection

With the gradual integration of Internet technology and modern industrial production,while the network makes manufacturing more intelligent and efficient,it also exposes the Industrial Internet to more security threats.Therefore,protecting the security of network information and discovering and handling abnormal access data in a timely manner are essential to ensure the safe and stable operation of the Industrial Internet.The intrusion detection system,as a network security defense tool,can quickly detect and identify malicious intrusions and make emergency response.In the field of network intrusion detection based on data mining,the data to be processed exists in the form of static data sets or dynamic data streams.However,it is very easy to cause poor data mining algorithms due to data redundancy and consumes a lot of computing and storage resources in intrusion detection for static data.Besides,limited observation samples may lead to the intrusion detection for dynamic data streams can not adapt well to the dynamic changes of data flow.Based on the above problems,this article makes the following work:1.Based on the basic concept,core algorithm and implementation process of the classic decision tree algorithm,the thesis analyzes the connection and difference between the design principle,implementation details,and main demands of the decision tree algorithm under the static data set and dynamic data streams.2.In view of the problem that data redundancy affects the effect of data mining algorithms in intrusion detection for static data sets,the paper proposes a data reduction method based on the tree model.As a data preprocessing method,this method combines the subgroup discovery technology to filter the data set,reduce the size of the data set,and divide the data set reasonably,thereby reducing the computational cost of subsequent data mining algorithms.The experimental results of multiple data sets show that this method can effectively reduce the size of the data set;combined with the decision tree classification algorithm,the experimental results of the KDDCUP1999 intrusion detection data set show that the data set after data reduction can be built with a compact structure and a smaller size of Decision tree,and effectively improve the efficiency of decision tree classification on the basis of ensuring classification accuracy.3.In view of the problem that the data mining model established with limited samples in intrusion detection for dynamic data streams cannot fully adapt to data changes,the paper improves and proposes a fast decision tree classification algorithm based on probability estimation.The algorithm uses the Very Fast Decision Tree(VFDT)as the basic framework,combined with two probability correction methods of Laplace smoothing and Wilson interval mean estimation,then adjusts the attribute test conditions to select the best split attribute.The experimental results of the NSL-KDD intrusion detection data set show that the improved algorithm can obtain a fast decision tree model with a compact structure and a smaller size,and improve the adaptability of the model to the evolution of the data stream while ensuring the prediction ability of the model to the data stream.